Hi,
I wanted to confirmed that this is not just a side effect of a temporary
possibility now that we can use both the following cases below. I am
asking as this is clear in man 5 pf.conf, but there isn't any mention of
it in man 5 bgpd.conf, however testing it does show as working.
Just want to be sure this is not just a temporary situation and it is
actually intended to be and may be added to the man page as well.
I just wouldn't want to be surprise down the road.
Long version
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
Short version
deny from any prefix 10/8 prefixlen >= 8
deny from any prefix 172.16/12 prefixlen >= 12
deny from any prefix 192.168/16 prefixlen >= 16
deny from any prefix 169.254/16 prefixlen >= 16
deny from any prefix 192.0.2/24 prefixlen >= 24
deny from any prefix 224/4 prefixlen >= 4
deny from any prefix 240/4 prefixlen >= 4
Not a huge deal obviously, just wanted to confirmed it or not as being
supported going forward.
Best,
Daniel
